Keywords: Tor traffic, deep learning, machine learning, traffic identification, encrypted traffic
The Onion Router (Tor) is a popular network, widely used by both political dissidents and cyber
criminals alike. Tor attempts to circumvent government censorship and surveillance of individuals
by keeping secret a message’s sender/receiver and content. This work compares the performance
of various traditional machine learning algorithms (e.g. Random Forest, Decision Tree, k-Nearest
Neighbor) and Deep Neural Networks on the ISCXTor2016 time-based dataset in detecting Tor traffic.
The research examines two scenarios: the goal of Scenario A is to detect Tor traffic while
Scenario B’s goal is to determine the type of Tor traffic as one of eight categories. The algorithms
trained on Scenario A demonstrate high performance, with classification accuracies > 99% in most
cases. In contrast, Scenario B yielded a wider range of classification accuracies (40-82%); Random
Forest and Decision Tree algorithms demonstrate performance superior to k-Nearest Neighbors and
Deep Neural Networks.